photoshop_cs5_rus_install.exe

ВERSHNET LLC

The application photoshop_cs5_rus_install.exe by ВERSHNET has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse) which bundles additional software offers inclduing toolbars, extensions, PC utilities as well as other PUPs. The file has been seen being downloaded from eh907fh9alcpc2v.eodclan.ru.
Publisher:
ВERSHNET LLC  (signed and verified)

Version:
1.0.0.0

MD5:
1eb113202051630e27bfb7d84e1f6e98

SHA-1:
10b4f401f8030fca4f9ed327b92b9d5acddf84d5

SHA-256:
c2596f215665cca2c992bcd2078779267918a600efda27d8162fec362af98377

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
12/25/2024 6:33:25 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.OutBrowse.ERSHNET.Installer (M)
16.2.27.15

File size:
3.3 MB (3,452,984 bytes)

Product version:
1.0.0.0

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\photoshop_cs5_rus_install.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
2/5/2015 2:00:00 AM

Valid to:
2/6/2016 1:59:59 AM

Subject:
CN=ВERSHNET LLC, O=ВERSHNET LLC, STREET="600-Richchya, house 66, office 10", L=Vinnitsa, S=Vinnitskiy Region, PostalCode=21027, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
0DCBDEF5E756334284571793EA14D465

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:PucJrGMLYG1LTnQ9r5vtnn/X785c01A1dHxx5MyeuwSny6eEL7/pTzl1PH:bJr7T7gPv785ctdHxxfeuwHg/pfT

Entry address:
0x974D50

Entry point:
60, BE, 00, D0, AA, 00, 8D, BE, 00, 40, 95, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89...
 
[+]

Packer / compiler:
UPX 2.90LZMA

Code size:
2.8 MB (2,920,448 bytes)

The file photoshop_cs5_rus_install.exe has been seen being distributed by the following URL.

Remove photoshop_cs5_rus_install.exe - Powered by Reason Core Security